Follow
Getting Started with the Enhanced Authentication Experience

Workfront is changing the way we manage users and passwords. The enhanced authentication experience will release in a phased approach. The end result will be a consistent and more secure sign-in experience across all Workfront products and services. 

Authentication Functionality Comparison

The following table provides details about current and future functionality:

Feature

Current Authentication Enhanced Authentication

Login options

Enable a single username to be used for all Workfront products and services, including training, support, and others

Not available

Planned for future

Allow using the same email address across Workfront instances

Not available

Planned for future

Email addresses are case-sensitive

 

Not planned

Multiple users cannot have the same email address if the address differs only by case. 

Password management options

Instigate a password reset email for a user as the Workfront administrator

Not available 

Set a temporary password for a user as the Workfront administrator

Not planned

This functionality is not a security best practice

Password policy requirements

Require users to reset passwords after a certain timeframe

Not planned

This functionality is not a security best practice

Restrict users from using a previous password 

Not planned 

Safeguard against incorrect password entry attempts 

✓ 

Locks the account after a certain number of incorrect password entry attempts as configured by the Workfront administrator

Planned for future

Wait time is exponentially increased after each successive incorrect password based on industry best practices; the time required is not configurable by the Workfront administrator

Require a mix of lowercase, uppercase, numbers, and special characters

 

Enhanced flexibility in choosing specific requirements

Set a minimum password length 

Not available   

Single Sign-On Protocol support  

Supports SSO integrations that are compliant with Active Directory and LDAP protocols

  Not planned 

Supports SSO protocols that are compliant with SAML 2.0 

 

Configure the Workfront login page to always redirect to the identity provider login page

Not available 

Environment support

Available for Production environments

 
Available for Preview and Sandbox environments    Planned for future 

Configuring and Managing the Enhanced Authentication Experience for Your Organization as the Workfront Administrator

If you cannot complete the steps described in this section, your organization has not yet been migrated to the Enhanced authentication experience. The migration is happening as a phased rollout, and you will be notified prior to your organization being migrated. Until then, follow the steps in Using Legacy Authentication (for Organizations Not Yet Migrated to the Enhanced Authentication Experience).

The following sections describe how to configure and manage the enhanced authentication experience:

Changing Matching Emails

When using the enhanced authentication experience, an email address can be used in the same customer account only once (even with different uppercase and lowercase combinations). You must change any matching emails before your organization is migrated.

Configuring Your Email System to Allow Emails for Enhanced Authentication

You should configure your email system to allow emails from the following email address:

no-reply@verificationemail.com

This is the email address Workfront uses to send emails to users for the following purposes:

If you do not configure your email system to allow emails from this address, these important emails might go to the user's spam folder.

Configuring Password Policies for Enhanced Authentication

For information about how to configure password policies for the enhanced authentication experience, see "Configuring Enhanced Authentication" in the article "Configuring Password Policies for Authentication."

Updating SAML 2.0 Metadata in Your Identity Provider

For information about configuring SAML 2.0 metadata, see "Updating SAML 2.0 Metadata in Your Identity Provider When Using the Enhanced Authentication Experience"

Resetting Passwords for Users as the Workfront Administrator

With the enhanced authentication experience, you can no longer manually reset another user's password when editing a user as a Workfront administrator. Instead, you can initiate a Forgot Password email.

NOTE Users must have a valid email address to be able to retrieve their password.

To send the Forgot Password email:

  1. Go to the People area, then click the People tab. 
  2. Select the users whose passwords you want to reset.
  3. Click More > Send Forgot Password Email.
    Send-Forgot-Password.png

Resetting Your Administrator Password

  1. Click your profile picture in the upper-right corner of the Workfront interface, then click My Settings.
  2. In the My Settings dialog box, click Reset Password.
    A new pop-up is displayed where you can specify your new password.

    Reset-my-password.png
  3. After you confirm your new password, you should receive a confirmation email. Go to your email inbox and look for an email from "no-reply@verificationemail.com". This email might be in your spam folder.

Logging In to Workfront with the Enhanced Authentication Experience Configured

NOTE The migration affects only Production accounts. Use your existing login credentials when accessing Preview or Sandbox instances of Workfront.

The first time you log in to Workfront after your organization is upgraded to the enhanced authentication experience:

  1. In a web browser, go to your Workfront site.
  2. Use your current Workfront login credentials to log in to the Workfront site.
  3. When prompted, reset your password.
    You can use your existing password if it complies with the new password requirements.
    reset-password-on-login.png

Using Legacy Authentication (for Organizations Not Yet Migrated to the Enhanced Authentication Experience)

If your organization has not yet been migrated to the enhanced authentication experience, you must continue to use the legacy form of authentication until your organization is migrated to the new form of authentication.

For information about how to view or modify legacy authentication settings, see "Configuring Legacy Authentication" in the article "Configuring Password Policies for Authentication."

This article last updated on 2018-10-18 21:58:23 UTC